Cyber Threat Actor: TheHorsemen

TheHorsemen is a threatactor known by that alias and has been associated with operations originating from China, according to publicly available location information. The actor first came to attention in February 2014 when it claimed responsibility for compromising the official social media presences of the Dubai Police, including accounts on Twitter, Pinterest, LinkedIn and Tumblr. During the intrusion the group posted screenshots as proof of access and disseminated a message accusing the police of surveillance, later removing the content after the Dubai Media Office acknowledged a cyberattack on the accounts.

TheHorsemen’s observed activity focuses on government entities in the United Arab Emirates, specifically targeting police and broader governmental online presences. The actor’s actions are described as part of a campaign dubbed OpDubai, which sought to disrupt multiple UAE government websites in addition to the social media account takeover. By publishing accusatory statements and causing service interruptions, the group demonstrated objectives that include disruption of normal operations and the dissemination of a political message aimed at the targeted institution.

The tactics observed in the reported intrusion involve gaining unauthorized access to social media platforms, capturing and publishing screenshots to validate the breach, and using the compromised accounts to post direct messages. The broader OpDubai campaign also involved disruption of government websites, although the specific technical methods such as malware families, exploit tools or initial access vectors were not disclosed in the source material. Consequently, only the social media hijacking, screenshot proof‑of‑concept and website disruption techniques are confirmed as part of the actor’s repertoire.

Publicly available information places the actor’s operational base in China, but no definitive link to a state sponsor, criminal consortium or other affiliations has been established in the cited reports. The most notable operation attributed to TheHorsemen is the OpDubai campaign, of which the February 2014 Dubai Police social media breach is a representative example, alongside the accompanying disruption of UAE government websites that formed part of the same effort.